An asymmetric pairing over groups of composite order is a bilinear map $e: G_1 \\times G_2 \\to G_T$ for groups $G_1$ and $G_2$ of composite order $N=pq$. We observe that a recent construction of pairing-friendly elliptic curves in this setting by Boneh, Rubin, and Silverberg exhibits surprising and unprecedented structure: projecting an element of the order-$N^2$ group $G_1 \\oplus G_2$ onto the bilinear groups $G_1$ and $G_2$ requires knowledge of a trapdoor. This trapdoor, the square root of a certain number modulo $N$, seems strictly weaker than the trapdoors previously used in composite-order bilinear cryptography.

In this paper, we describe, characterize, and exploit this surprising structure. It is our thesis that the additional structure available in these curves will give rise to novel cryptographic constructions, and we initiate the study of such constructions. Both the subgroup hiding and SXDH assumptions appear to hold in the new setting; in addition, we introduce custom-tailored assumptions designed to capture the trapdoor nature of the projection maps into $G_1$ and $G_2$. Using the old and new assumptions, we describe an extended variant of the Boneh-Goh-Nissim cryptosystem that allows a user, at the time of encryption, to restrict the homomorphic operations that may be performed. We also present a variant of the Groth-Ostrovsky-Sahai NIZK, and new anonymous IBE, signature, and encryption schemes.

The authentication encryption (AE) scheme based on the duplex construction can no be paralellized at the algorithmic level. To be competitive with some block cipher based modes like OCB (Offset CodeBook) or GCM (Galois Counter Mode), a scheme should allow parallel processing. In this note we show how parallel AE can be realized within the framework provided by the duplex construction. The first variant, pointed by the duplex designers, is a tree-like structure. Then we simplify the scheme replacing the final node by the bitwise xor operation and show that such a scheme has the same security level.

In order to protect the proxy signers\' privacy, many anonymous proxy signature schemes which are also called proxy ring signatures, have been proposed. Although the provable security in the random oracle model has received a lot of criticism, there is no provable secure anonymous proxy signature scheme without random oracles. In this paper, we propose the ﬁrst provable secure anonymous proxy signature scheme without random oracles which is the combination of proxy signature and ring signa-ture. For the security analysis, we categorize the adversaries into three types accord-ing to different resources they can get and prove in the standard model that, our pro-posal is anonymous against full key exposure and existential unforgeable against all kinds of adversaries with the computational Difﬁe-Hellman and the subgroup hiding assumptions in bilinear groups.

The Government Communications Headquarters (GCHQ) in Cheltenham has agreed in principle to sponsor two PhD/Doctoral Studentships at Bristol University in the area of Cryptography. See the link below for the two project descriptions.

The studentships are only open to UK nationals and the successful candidate will be required to spend in the region of 2 - 4 weeks per year at GCHQ headquarters in Cheltenham. To be considered for this studentship, candidates must therefore be prepared to undergo GCHQ\\\'s security clearance procedures.

The studentships will be funded for a period of 3.5 years. GCHQ will cover the costs of university fees (currently £ 3828 per annum) and will provide an annual stipend to the student corresponding to the National Minimum Stipend (currently £ 13,590 per annum) plus an additional stipend of £ 7,000 per annum. Making a total tax-free stipend of £ 20,590 per annum. A generous travel budget is also provided to enable attendance at international conferences and workshops.

We are looking for two Post-Docs in coding and lattice based cryptography. Contact us if you have (or will have soon) a PhD in Cryptography or a related subject, an excellent publication record and would like to work in a fun environment in Singapore.

More information on Coding and Crypto Research Group at Nanyang Technological University can be found at http://www1.spms.ntu.edu.sg/~ccrg/index.html

The applications will be considered immediately. The positions are for 1 year, but renewable up to 3 years.

We present a new technique to realize attribute-based encryption (ABE) schemes secure in the standard model against chosen-ciphertext attacks (CCA-secure). Our approach is to extend certain concrete chosen-plaintext secure (CPA-secure) ABE schemes to achieve more efficient constructions than the known generic constructions of CCA-secure ABE schemes. We restrict ourselves to the construction of attribute-based key encapsulation mechanisms (KEMs) and present two concrete CCA-secure schemes: a key-policy attribute-based KEM that is based on Goyal\'s key-policy ABE and a ciphertext-policy attribute-based KEM that is based on Waters\' ciphertext-policy ABE. To achieve our goals, we use an appropriate hash function and need to extend the public parameters and the ciphertexts of the underlying CPA-secure encryption schemes only by a single group element. Moreover, we use the same hardness assumptions as the underlying CPA-secure encryption schemes.

In this note we describe some general-purpose, high-efficiency elliptic curves targeting at security levels beyond $2^{128}$. As a bonus, we also include legacy-level curves. The choice was made to facilitate state-of-the-art implementation techniques.

A multiparty computation (MPC) protocol allows a set of players to compute a function of their inputs while keeping the inputs private and at the same time securing the correctness of the output. Most MPC protocols assume that the adversary can corrupt up to a fixed fraction of the number of players. Hirt and Maurer initiated the study of MPC under more general corruption patterns, in which the adversary is allowed to corrupt any set of players in some pre-defined collection of sets [6]. In this paper we consider this important direction of research and present significantly improved communication complexity of MPC protocols for general adversary structures. More specifically, ours is the first unconditionally secure protocol that achieves linear communication in the size of Monotone Span Program representing the adversary structure in the malicious setting against any Q2 adversary structure, whereas all previous protocols were at least cubic.